
People don't read PKCS#11 specification

Open jariq opened this issue 7 years ago • 8 comments

Our documentation currently recommends reading the most important chapters of PKCS#11 specification:

It is highly recommended that before you start using Pkcs11Interop you get familiar at least with "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 v2.20 specification (or equivalent chapters of any previous or subsequent specification version).

However it seems most people ignore it and because of that they have trouble writing correct code for multithreading environments.

We could try to improve the situation by simplifying the high level API and making it foolproof for users who do not read but it would most likely become unusable for advanced use cases.

I really don't want to sacrifice the power of high level APIs so let's first try to extract the most important parts of PKCS#11 specification and put them into a lightweight document that can be read in 10 minutes and can be easily understood by most .NET devs.

jariq Jul 13 '17 08:07

Another option could be a lightweight class on top of the current Api class. The new class would sacrifice flexibility (i.e. advanced use cases) in favor of ease of use.

Timovzl Jan 04 '18 11:01

@Timovzl I'm already working on such a thing. Take a look at Pkcs11Interop.X509Store project.

jariq Jan 04 '18 12:01

@Timovzl I'm already working on such a thing. Take a look at Pkcs11Interop.X509Store project.

Looks good. Does this handle asymmetric crypto only, or symmetric as well?

Timovzl Jan 15 '18 10:01

Looks good. Does this handle asymmetric crypto only, or symmetric as well?

I am currently focusing only on asymmetric (RSA and EC) algorithms. Symmetric algorithms might be added in the future.

jariq Jan 15 '18 18:01

Where are these chapters? I can't find Chapter 2 and 6 and 10

firuges Oct 09 '18 18:10

Where are these chapters? I can't find Chapter 2 and 6 and 10

https://github.com/Pkcs11Interop/PKCS11-SPECS/blob/master/v2.20/pkcs-11v2-20.pdf?raw=true

jariq Oct 10 '18 20:10

Thanks. I have done it brother, the signing into PDF with the smartcard. How can I, with pkcs, validate if the PDF with signature is valid?


--

Maximiliano Cesán Herrera

firuges Oct 11 '18 23:10

Maybe https://github.com/Pkcs11Interop/PKCS11-SPECS/blob/master/v2.40/pkcs11-ug-v2.40-cn02.pdf could be an existing alternative to the lightweight document you mention?

Disclaimer: I haven't (yet) read the specs :)

BTW, is the 2.20 spec still the recommended version to read? I see v2.40 seems to be the newest version of the standard. And there is also a very recent 3.0 public candidate standard http://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.pdf

mlaily May 21 '20 08:05